Login Simplified

If I were to ask you what the biggest systems security risk is right
now, what would you say? The SQL Slammer virus? IIS buffer overruns? Malicious
scripts sent via e-mail? These are some of the most common answers. While
these are problems, to be sure, most people overlook the simplest and
most dangerous security risk of all—weak passwords. There’s no end to
what hackers can do if they crack even one password on your network. The
problem is that users have so many passwords to remember that they’re
forced to make them weak just so they can remember them. So what can you
do to mitigate this risk? Protocom comes to the rescue with SecureLogin.

SecureLogin is a client-server product that provides single sign-on capability to your users. This means that your users only log on at system startup. After that, any time a password is required, it’s provided by SecureLogin.

The way it works is simple: On the back end, SecureLogin supports NetWare NDS, Windows Active Directory and LDAP. When the server portion is installed, the network directory schema is modified so that user passwords can be stored directly, with the user objects in the directory. Once the server portion is in place, you install the client software on each machine, which will run at system startup. While the client program is active, it constantly monitors the system for password requests and, when it finds a request, it asks the user if he or she wants to store the password for future use. If the user allows SecureLogin to manage the password, it’s stored in the network directory structure and recalled every time that password field comes up (see figure).

This raises a few questions, though. You may wonder what happens if users
change one of the passwords managed by SecureLogin. The client program
has built-in management functions that allow users to change passwords
and even manually add and remove managed sites so they’re completely in
control of their passwords. Also, you may wonder about the security of
the passwords as they’re transferred over the network. To put your mind
at ease, SecureLogin uses a challenge/response hashing algorithm with
3DES encryption so that passwords aren’t visible over the wire.

What I really like about this application, besides the obvious relief from stress, is the speed. I run a lot of stuff on my server and this application still runs lightning fast. As soon as I brought up an application or Web page that required a password, SecureLogin instantly provided it and I was logged in.

There are two important things to keep in mind when considering this product. The first is that this is client/server. If you have a small network without a server, this won’t work. Second is the price. For what SecureLogin does, the $79 per user is fair, but it can add up. Overall, if you’re interested in securing your network and making your users’ lives easier, consider this product.

[SecureLogin version 3.1 is set to ship this summer—Ed.]

About the Author

Joseph L. Jorden, MCSE, MCT, CCNA, CCDA, is Chief Technical Officer for Dugger & Associates (www.Dugger-IT.com). He was one of the first 100 people to achieve the MCSE+I and one of the first 2,000 to become an MCSE under Windows 2000. Joseph frequently contributes to books from Sybex and various periodicals.